Privacy Policy
Data protection declaration
Thank you for your interest in our company! The protection of your personal data is important to us. We collect and use your personal data exclusively in accordance with, and within the framework of, the valid data protective laws of the Federal Republic of Germany, particularly the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable legal data protection provisions.
The purpose of this Declaration is to inform you of the nature, extent and purposes of the collection and use of personal data when you use our website. You can access this information on our website at any time.
Personal data is all data through which a natural person (data subject) can be directly or indirectly identified, e.g. name, address, e-mail address and user behaviour.
I. Name and contact details of the data controller and contact details of the Data Protection Officer
1. The data controller, as defined in the data protection laws (Art. 4 para. 7 GDPR), is:
Berner International GmbH
Werner-von-Siemens-Str. 19
25337 Elmshorn
Germany
Tel.: +49 4121 43560
E-Mail: info@berner-safety.de
Website: www.berner-safety.de
2. You can reach our Data Protection Officer at:
E-Mail: datenschutz@berner-safety.de
or at
Berner International GmbH
- The Data Protection Officer -
Werner-von-Siemens-Str. 19
25337 Elmshorn
Germany
Tel.: +49 4121 43560
If you have any questions or ideas concerning data protection, please do not hesitate to contact our Data Protection Officer directly.
II. General principles
1. Extent of, and legal bases for, the processing
We only process personal data in accordance with the legal provisions. In particular, we only process personal data if you have given your consent or if the processing is otherwise legally permitted
Insofar as we obtain the data subject’s consent to the processing of personal data, the legal basis for this is Art. 6 para. 1 lit. a) of the EU General Data Protection Regulation (GDPR).
In the event of processing personal data that is necessary for the performance of a contract in which the data subject is a contracting party, the legal basis for this is Art. 6 para. 1 clause 1 lit. b) GDPR. This also applies to processing that is necessary for carrying out precontractual measures.
Insofar as the processing of personal data is necessary in order to fulfil a legal obligation to which our company is subject, the legal basis for this is Art. 6 para. 1 clause 1 lit. c) GDPR.
In the event that vital interests of the data subject or of another natural person make it necessary to process personal data, the legal basis for this is Art. 6 para. 1 clause 1 lit. d) GDPR.
If the processing is necessary in order to safeguard a legitimate interest of our company or of a third party, and if the interests, basic rights and basic freedoms of the data subject do not outweigh the first-mentioned interest, the legal basis for this is Art. 6 para. 1 clause 1 lit. f) GDPR.
We specify the respective legal basis for the processing in conjunction with the information on the individual data processing procedures in this Data Protection Declaration, or when you disclose your personal data.
2. The forwarding of data
At our company, we only give access to your data to those departments that require the data in order to safeguard our legitimate interests or to fulfil our contractual or legal obligations or in order to answer your enquiries.
In some cases, we commission external service providers to process your data; these service providers process the data on our behalf as data processors (e.g. for central IT services or for the hosting of our website). Service providers who work for us as data processors are onlyIn some cases, we commission external service providers to process your data; these service providers process the data on our behalf as data processors (e.g. for central IT services or for the hosting of our website). Service providers who work for us as data processors are only allowed to use the data in accordance with our instructions. In this case, we are legally responsible for seeing that adequate data protection precautions are implemented at the companies that we commission. These companies have been selected by us with meticulous care, have been commissioned in writing in accordance with the legal requirements, are under a binding obligation to follow our instructions and are regularly inspected.
Your personal data will only be forwarded to third parties provided this is legally permissible – particularly if
- you have given your explicit consent to it, pursuant to Art. 6 para. 1 clause 1 lit. a) GDPR,
- the forwarding of the data is necessary for concluding contractual relationships with you, pursuant to Art. 6 para. 1 clause 1 lit. b) GDPR,
- there is a legal obligation to forward the data, pursuant to Art. 6 para. 1 clause 1 lit. c) GDPR,
- the forwarding of the data is necessary to safeguard our legitimate interests, pursuant to Art. 6 para. 1 clause 1 lit. f) GDPR, provided your own interests do not outweigh ours.
If we plan to pass on personal data to third parties, you will find more details on this point in the information on the individual data processing procedures in this Data Protection Declaration or when disclosing your personal data.
3. Duration of storage and erasure of data
We only process and store personal data for the period of time that is necessary for achieving the purpose of the processing. If the purpose of the processing ceases to exist, the data will be erased, unless statutory storage obligations stand in the way of its erasure. In the latter case, the processing will be restricted in order to fulfil the storage obligations.
You will find further details in conjunction with the information on the individual data processing procedures in this Data Protection Declaration, or when disclosing your personal data.
4. Data security
We use SSL or TLS encryption for visits to the website and in order to protect the transmission of content. You can see this by the closed depiction of the key or lock symbol in the bottom status bar of your browser, which your browser displays when there is an SSL connection.
Besides this, we also employ appropriate technical and organisational security measures to protect your data from accidental or intentional manipulation, partial or total loss, destruction, or unauthorised access by third parties. Our security measures are being continually improved, in accordance with the ongoing technological developments.
5. Your rights as the data subject
With regard to the personal data concerning you, you have the following rights:
- The right to revoke consent
- The right of access
- The right to rectification or erasure
- The right to restrict the processing
- The right to object to the processing
- The right to data portability
- The right to file a complaint at a supervisory authority
You can find more detailed information on your rights in Section IV. of this declaration.
III. Information on individual data processing procedures
The following stipulations provide more detailed information on the individual data processing procedures, for example about what personal data is collected, for which purposes it is used, the legal basis that entitles us to collect the data, how long it will be stored and, if applicable, to whom it will be transferred:
1. Data processing when you visit the website
When you access our website, the browser used on your device automatically sends data to the server of our website. That data is temporarily stored in a so-called “log file”. The following information is thereby collected automatically (i.e. without any action on your part), and stored until its automated erasure:
- Browser types and versions used,
- The operating system used by the accessing system,
- The website from which an accessing system gets to our website (“referrer URL”)
- The sub-pages visited via an accessing system on our website
- The date and time of accessing the website
- An internet protocol address (IP address)
- The internet service provider of the accessing system.
We process the aforementioned data for the following purposes:
- To display the website
- To ensure that the website has a smooth connection set-up
- To ensure that our website offers comfort of use
- To analyse system security and stability
- For further administrative purposes
The legal basis for the data processing is Art. 6 para. 1 clause 1 lit. f) GDPR. Our legitimate interest lies in the purposes of the data processing listed above. We do not, under any circumstances, use the collected data for the purpose of drawing conclusions about you as a person.
To ensure the security of our IT systems, particularly for defending against cyber attacks, the data is temporarily stored for a short time and subsequently erased.
We hereby draw your attention to the fact that, in the event of your data being processed on the basis of Art. 6 para. 1 clause 1 lit. f) GDPR, you have the right to object to the processing, pursuant to Art. 21 GDPR. You will find more detailed information on this in Section IV. 10 of this Data Protection Declaration.
Furthermore, when anyone visits our website, we use cookies. You will find a more detailed explanation of this process in Pt. 2 of this Data Protection Declaration.
2. Cookies
3. Data processing when you contact us by e-mail
If you contact us via the e-mail address provided, the data you disclose is stored by us and used for the exclusive purpose of processing your enquiry and contacting you to handle your request.
The legal basis for processing data that is forwarded in the course of transmitting an e-mail is Art. 6 para. 1 clause 1 lit. f) GDPR. Here, our legitimate interest lies in handling your request, and is not outweighed by any of your interests, as you contact us voluntarily for this purpose.
We hereby draw your attention to the fact that, in the event that data is processed on the basis of Art. 6 para. 1 clause 1 lit. f) GDPR, you have the right to file an objection to the said processing, in accordance with Art. 21 GDPR. You will find more detailed information on this point in Section IV. 10 of this Data Protection Declaration.
If you contact us for the purpose of concluding a contract, an additional legal basis for the processing is Art. 6 para. 1 clause 1 lit. b) GDPR.
We automatically erase the data if the storage is no longer necessary, particularly if we have finished processing your enquiry. Our further use of data that we have stored for other purposes and that we are entitled to process on the foundation of a different legal basis (e.g. relating to data necessary for the execution of the contract) shall thereby remain unaffected. Insofar as we are subject to any statutory storage obligations, we will restrict the processing to the amount necessary to fulfil the said obligations. Irrespective of this, you are entitled to exercise your rights as a data subject. For more detailed information, please refer to the information we provide on the rights of the data subject in Section IV of this Data Protection Declaration.
4. Data processing when you use our contact form for product enquiries
We offer you the option of contacting us through a form that is provided on the website, in order to make enquiries about a specific product.
If you would like to take advantage of the offered option of using the contact form for product enquiries, we need your valid e-mail address to enable us to contact you concerning your product enquiry. Further data can be entered on a voluntary basis.
When you contact us via the contact form, the data you provide is transmitted in an encrypted form and stored and used by us to contact you in order to handle your request.
When you use our contact form, the legal basis for processing the data is Art. 6 para. 1 clause 1 lit. b) GDPR, as it involves precontractual measures that are taken on the basis of your enquiry.
We automatically erase the data if it is no longer necessary to store it, particularly if we have finished processing your enquiry. Our further use of data that we have stored for other purposes and that we are legally entitled to process on the foundation of a different legal basis (e.g. relating to data necessary for the execution of the contract) shall thereby remain unaffected. Insofar as we are subject to any statutory storage obligations, we will restrict the processing to the degree that is necessary to fulfil the said obligations. Irrespective of this, you are entitled to exercise your rights as a data subject. For more detailed information, please refer to our information on the rights of the data subject in Section IV of this Data Protection Declaration.
5. Data processing in the case of job applications
If you send us job applications by e-mail or in writing, we only process your data relevant to your application for the purpose of conducting the application procedure. We will not pass on your data to third parties.
The legal basis for the processing is Art. 88 GDPR in conjunction with Section 26 of the German Federal Data Protection Act (BDSG), as we need your data in order to decide whether or not to establish an employment relationship with you.
If the application procedure ends with the concluding of an employment contract, the forwarded data will be stored for the purpose of establishing the employment relationship, in conformity with the legal provisions. Otherwise, the application documents will be automatically erased three months and one week after we have informed you that your application has been rejected, unless we are entitled to store your data beyond that period, for up to 6 months, on the foundation of a different legal basis, e.g. based on your explicit consent.
6. Data processing for the purpose of newsletter mailings
If you have subscribed to our newsletter, we use the data that you enter into the input mask for the exclusive purpose of sending you our newsletter, which contains current information on products, services and marketing campaigns, trade fairs and other news. To receive the newsletter, it suffices if you give us an e-mail address, although you can disclose your name on a purely voluntary basis. If you disclose your name to us, we will only use it in order to address you personally. We will not pass on the data to third parties.
For receiving subscriptions to our newsletter we use what is called the “double opt-in procedure”. This means that after you subscribe, we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you want to be sent the newsletter. If you do not confirm your subscription within 48 hours, your data will be blocked and, after one month, automatically erased.
The data processing is based on your consent, pursuant to Art. 6 para. 1 clause 1 lit. a) GDPR.
You can at any time revoke your consent to being sent the newsletter and unsubscribe from the newsletter. For more detailed information, please see our information on the rights of the data subject in Section IV. 1, and information on exercising this right in Section IV. 8 of this Data Protection Declaration. You can declare your revocation of consent by clicking on the link provided in each newsletter e-mail, by sending an e-mail to datenschutz@berner-safety.de or by sending a message to the contact data provided in the company details section.
The following data is additionally collected when you subscribe to the newsletter:
- The IP address of the computer system used at the time of subscribing
- The date and time of the subscription registration and confirmation
It is necessary for us to collect this data in order to be able to verify your subscription and to make it possible to later check any misuse of your e-mail address. The collection of this data therefore serves to protect us legally. The legal basis for it is Art. 6 para. 1 clause 1 lit. f) GDPR. We hereby draw your attention to the fact that, in the event of data processing based on Art. 6 para. 1 clause 1 lit. f) GDPR, you have the right to file an objection to the processing in accordance with Art. 21 GDPR. You will find more detailed information on this point in Section IV. 10 of this Data Protection Declaration. As it is necessary for us to store the data for our own legal protection, if you exercise this right to object, you must unsubscribe from the newsletter.
Your data will be stored for as long as you subscribe to the newsletter. After you unsubscribe the data will be erased. The continued use of data that we have stored for other purposes and which we are entitled to process on the foundation of a different legal basis (e.g. relating to the data necessary for the execution of the contract) shall thereby remain unaffected.
7. Google Maps
We use the Google Maps service via an API, in order to visually display geographical information through the Google Maps service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When someone uses Google Maps, Google also collects, processes and uses data on the use of the map functions by visitors to the website, particularly their IP address. This data is generally transmitted to one of Google’s servers in the USA. The provider has no control over this said data transmission.
The data transfer takes place irrespective of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish it to be assigned to your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses these for the purpose of advertising, market research and/or the needs-oriented design of its website. In particular, such analysis is carried out (even in the case of users who are not logged in) for the purpose of placing needs-appropriate advertisements and of informing other users of the social network about your activities on our website.
We use Google Maps in order to make our website more appealing and to give you the possibility of more easily finding locations that are given on our website – for example, our company headquarters.
The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR. The purposes presented above collectively represent a legitimate interest that is not outweighed by the interests of the data subject.
You have the right to file an objection to the creation of these user profiles, whereby in order to exercise this right you must contact Google.
You will find further information on the purpose and extent of the data collection and its processing by Google in Google’s privacy policy, where you will also find further information on your data protection rights and on optional settings for protecting your privacy: https://policies.google.com/privacy?hl=en&gl=en. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
8. Embedded YouTube videos
(1) On our website, we have embedded YouTube videos, which are stored on http://www.YouTube.com and can be played directly on our website. The provider is YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.
(2) We only have videos from our own YouTube channel embedded on our website. The embedding is done for the purpose of making our website more appealing and informative. The legal basis for this is Art. 6 para. 1 clause 1 lit. f)) GDPR. The underlying commercial goal should be regarded as a legitimate interest in the sense of the GDPR.
(3) When embedding videos, we use the “extended data protection mode” option provided by YouTube. According to the information supplied by YouTube, this means that if you do not play the videos, no data concerning you as a user will be transmitted to YouTube. Not until you play the videos will the data specified in paragraph 4 be transmitted. We have no control over this transmission of data.
(4) When you play the videos, YouTube receives the information that you have accessed the relevant sub-page of our website. In addition, the data specified in Pt. 1 of this Declaration and collected when you visit the website, is also forwarded. This takes place irrespective of whether YouTube provides a user account through which you are logged in, or whether no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish it to be assigned to your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses these for the purpose of advertising, market research and/or the needs-oriented design of its website. In particular, such analysis is carried out (even in the case of users who are not logged in) for the purpose of placing needs-appropriate advertisements and of informing other users of the social network about your activities on our website. You have the right to file an objection to the creation of these user profiles, whereby in order to exercise this right you must contact YouTube.
(5) You will find further information on the purpose and extent of the data collection and its processing by YouTube in YouTube’s privacy policy, where you will also find further information on your data protection rights and optional settings for protecting your privacy: https://policies.google.com/privacy?hl=en&gl=en . Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework
9. MyFonts
We use web fonts from "MyFonts", a service of MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA, in order to ensure a uniform and appealing presentation of the typeface on our website.
When you visit our website, these web fonts are loaded into your browser cache. To do this, a connection is established to a server, which is usually a MyFonts server in the USA. The IP address you are using and which of our websites you have visited are transmitted to the server. Due to the license terms of MyFonts, page view tracking is carried out via the “MyFonts Counter”, with which the number of visits to the website is counted for statistical purposes and transmitted to MyFonts.
You can find the MyFonts data protection declaration here:
https://www.myfonts.com/legal/website-use-privacy-policy
You can find more information about MyFonts here:
https://www.myfonts.com/
IV. The rights of the data subject
As the data subject, you have the following rights:
1. The right to revoke consent
Pursuant to Art. 7 para. 3 GDPR, if you have given your consent to the processing of your data, you have the right to at any time revoke the consent that was once granted. This will result in our no longer being allowed to continue processing the data for which you gave your consent, in the future. The lawfulness of the processing carried out up to the said revocation shall thereby remain unaffected: this means that the processing carried out in the past on the basis of your consent shall remain lawful.
2. The right to confirmation and right of access
Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data concerning you are being processed. You furthermore have the right of access, free of charge, regarding your personal data that is processed by us. You can, in particular, request access to information regarding:
- The purposes of the processing
- The category of the personal data
- The categories of recipients to whom your data has been or is being disclosed
- The planned duration of storage
- Your existing right to rectification, erasure, restriction of processing or right to object
- Your existing right to file a complaint
- All available information on the origin of your data, if it was not collected at our company
- The existence of automated decision-making, including profiling, and – if necessary – meaningful information on the details of these procedures.
3. The right to rectification
Pursuant to Art. 16 GDPR, you have the right to request the immediate rectification of incorrect data or the completion of your personal data stored at our company.
4. The right to erasure
Pursuant to Art. 17 GDPR, you have the right to request the immediate erasure of your personal data stored at our company, if one of the following reasons applies:
- The personal data is no longer required for the purposes for which it was collected or processed in any other way,
- you revoke your consent on which the processing was based, and there is no other legal basis for the processing,
- you file an objection to the processing, which is carried out based on Art. 6 para. 1 clause 1 lit. b) or f) GDPR, and there are no overriding legitimate reasons for the processing, or you file an objection against the processing of data for the purpose of direct advertising,
- the personal data has been processed unlawfully,
- it is necessary to erase the personal data in order to fulfil a legal obligation in conformity with European Union law or the law of the member states to which we are subject, or
- the personal data has been collected relating to information society services, pursuant to Art. 8 para. 1 GDPR.
This does not apply if the processing is necessary in order to exercise the right to freedom of expression and to information, to fulfil a legal obligation, on grounds of the public interest, or in order to assert, exercise or defend legal claims.
5. The right to restriction of processing
Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data if:
- You dispute the correctness of the data for a period of time that enables us to check the correctness of your data,
- The processing is unlawful, but you refuse to have the data erased and instead request the restriction of processing,
- We no longer need the data, but you need it in order to assert, exercise or defend legal claims, or if
- You have filed an objection to the processing, pursuant to Art. 21 GDPR, as long as it has not been firmly established whether our legitimate reasons outweigh your own reasons.
In such a case, it will only be permitted to process your data, apart from the storage of data, with your consent or for specific, legally stipulated purposes, particularly for the purpose of prosecution and of protecting the rights of other persons. We will notify you before the said restriction of processing is lifted.
6. The right to data portability
Pursuant to Art. 20 GDPR, you have the right to request to receive the personal data, which you have provided to us, in a structured, commonly used and machine-readable format, or to have it transferred to another data controller.
7. The right to file an objection to the processing
Under certain conditions, you also have the right, pursuant to Art. 21 GDPR, to file an objection to the processing of your personal data. Regarding this point, please read our specific information under Pt. 10: Specific information on your right to object, pursuant to Art. 21 GDPR.
8. Notice on exercising the rights specified under Pts. 1 – 7 above
If you would like to exercise your aforementioned rights, you can contact us at any time. To do this, it suffices if you, for example, send an e-mail to the Data Protection Officer via datenschutz@berner-safety.de or a message to the contact address given in the company details.
9. The right to file a complaint at a supervisory authority
You moreover have the right, pursuant to Art. 77 GDPR, to file a complaint at a supervisory authority. To do this you can, for example, contact the supervisory authority responsible for the place where your habitual place of residence or workplace or our headquarters is located. You will find a list of supervisory authorities here:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
10. Specific information on your right to object, pursuant to 21 GDPR
In the following, we particularly wish to draw your attention to your right to object, pursuant to Art. 21 GDPR:
The right to object
a) The right to object in individual cases, pursuant to Art. 21 para. 1 GDPR
The precondition for exercising this right to object is that the data processing is carried out on the basis of Art. 6 para. 1 clause 1 lit. e) or f) GDPR.
Art. 6 para. 1 clause 1 lit. e) regulates cases in which the processing is necessary for fulfilling a task that is in the public interest or that is carried out in the exercise of a public authority vested in the data controller. This primarily applies to public authorities such as the federal government, federal states and their authorities, and to private individuals who have been invested with public authority.
Art. 6 para. 1 clause 1 lit. f) GDPR permits data processing when this is necessary in order to safeguard the legitimate interests of the data controller or of a third party, provided the interests or basic rights and basic freedoms of the data subject do not outweigh the said interests.
If the data processing is carried out on one of these legal bases, you have the right to at any time file an objection to the processing of the personal data concerning you, for reasons arising from your particular situation. This also applies to profiling carried out on the basis of the said provisions.
The result of filing an objection: After an objection has been filed, we will no longer process the data, unless we are able to prove compelling legitimate grounds for the said processing that outweigh your interests, rights and freedoms, or unless the data is processed for the purpose of asserting, exercising or defending legal claims.
b) The right to object to the processing of data for direct advertising
The precondition for exercising this right to object is that your data is processed in order to conduct direct advertising.
In this case, you have the right to at any time file an objection against the data processing for the purpose of conducting this kind of advertising. This also applies to profiling, if it is connected to direct advertising.
The result of filing the objection will be that the data will no longer be processed for these purposes.
c) Exercising the right to object
If you would like to exercise your right to object in accordance with a) or b), you can contact us at any time. To do this, it suffices if you, for example, send an e-mail to the Data Protection Officer via datenschutz@berner-safety.de or a message to the contact address given in the company details.
V. Period of validity
In order to ensure that our data protection notices are always in conformity with the current legal provisions, we reserve the right to make changes to them at any time. This also applies in the event that the data protection notices have to be adapted due to new or revised offers or services. You can always access and print out the current Data Protection Declaration at any time on the website at https://www.berner-safety.de/data_protection_en
